From 7f4b3a212c9f72b5107c17d2c9d594d5f76438fb Mon Sep 17 00:00:00 2001
From: Diego Najar
Date: Mon, 31 May 2021 12:26:59 +0200
Subject: [PATCH] Bug Fix for Allowed users and updated Helm chart
---
 chart/another-ldap-auth/Chart.yaml | 4 ++--
 chart/another-ldap-auth/README.md | 4 ++--
 chart/another-ldap-auth/templates/deployment.yaml | 6 ++++--
 chart/another-ldap-auth/values.yaml | 8 ++++----
 files/main.py | 5 ++++-
 5 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/chart/another-ldap-auth/Chart.yaml b/chart/another-ldap-auth/Chart.yaml
index 797a3b7..cd4c02b 100644
--- a/chart/another-ldap-auth/Chart.yaml
+++ b/chart/another-ldap-auth/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: another-ldap-auth
 description: A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentication for ingress resources
 type: application
-version: 0.1.0
-appVersion: 1.9.0
+version: 0.2.0
+appVersion: 2.0.1
 keywords:
 - ingress
 - nginx
diff --git a/chart/another-ldap-auth/README.md b/chart/another-ldap-auth/README.md
index 2d30c23..ae89d63 100644
--- a/chart/another-ldap-auth/README.md
+++ b/chart/another-ldap-auth/README.md
@@ -1,6 +1,6 @@
 # another-ldap-auth
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.9.0](https://img.shields.io/badge/AppVersion-1.9.0-informational?style=flat-square)
+![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.1](https://img.shields.io/badge/AppVersion-2.0.1-informational?style=flat-square)
 
 A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentication for ingress resources
 
@@ -32,7 +32,7 @@ A Helm chart using another-ldap-auth to enable AD or LDAP based basic-authentica
 | ldap.managerDnUsername | string | `"CN=john,OU=Administrators,DC=TESTMYLDAP,DC=COM"` | |
 | ldap.searchBase | string | `"DC=TESTMYLDAP,DC=COM"` | |
 | ldap.searchFilter | string | `"(sAMAccountName={username})"` | |
-| ldap.serverDomain | string | `"TESTMYLDAP.COM"` | |
+| ldap.bindDN | string | `"{username}@TESTMYLDAP.com"` | |
 | nameOverride | string | `""` | |
 | nodeSelector | object | `{}` | |
 | podAnnotations | object | `{}` | |
diff --git a/chart/another-ldap-auth/templates/deployment.yaml b/chart/another-ldap-auth/templates/deployment.yaml
index 04a214e..dafe77f 100644
--- a/chart/another-ldap-auth/templates/deployment.yaml
+++ b/chart/another-ldap-auth/templates/deployment.yaml
@@ -42,14 +42,16 @@ spec:
 value: {{ .Values.ldap.httpsSupport }}
 - name: LDAP_MANAGER_DN_USERNAME
 value: {{ .Values.ldap.managerDnUsername }}
- - name: LDAP_SERVER_DOMAIN
- value: {{ .Values.ldap.serverDomain }}
+ - name: LDAP_BIND_DN
+ value: {{ .Values.ldap.bindDN }}
 - name: LDAP_SEARCH_BASE
 value: {{ .Values.ldap.searchBase }}
 - name: LDAP_SEARCH_FILTER
 value: {{ .Values.ldap.searchFilter }}
 - name: LOG_LEVEL
 value: {{ .Values.ldap.logLevel }}
+ - name: LOG_FORMAT
+ value: {{ .Values.ldap.logFormat }}
 - name: LDAP_MANAGER_PASSWORD
 valueFrom:
 secretKeyRef:
diff --git a/chart/another-ldap-auth/values.yaml b/chart/another-ldap-auth/values.yaml
index d1fb512..dc7e254 100644
--- a/chart/another-ldap-auth/values.yaml
+++ b/chart/another-ldap-auth/values.yaml
@@ -3,7 +3,7 @@ replicaCount: 1
 image:
 repository: dignajar/another-ldap-auth
 pullPolicy: IfNotPresent
- tag: "1.9"
+ tag: "2.0.1"
 
 imagePullSecrets: []
 nameOverride: ""
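Review bot: The new `value: {{ .Values.ldap.bindDN }}` line in the deployment.yaml hunk renders the chart's default `{username}@TESTMYLDAP.com` unquoted, and a YAML scalar that starts with `{` is read as a flow mapping, so the rendered manifest either fails to parse or hands the container something other than the intended string; the new `LOG_FORMAT` line has the same exposure for any value that is not a bare word. Pipe both through `quote`: `value: {{ .Values.ldap.bindDN | quote }}` and `value: {{ .Values.ldap.logFormat | quote }}`. The unchanged `value:` lines in the same env list would benefit from the same treatment but are not part of this commit. The container and env block this list belongs to starts outside the hunk.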
@@ -12,17 +12,17 @@ fullnameOverride: ""
 # AD config
 ldap:
 existingSecret:
- logLevel: INFO
+ logLevel: "INFO"
+ logFormat: "TEXT"
 cacheExpiration: 10
 httpsSupport: "enabled"
 endpoint: "ldaps://testmyldap.com:636"
 managerDnUsername: "CN=john,OU=Administrators,DC=TESTMYLDAP,DC=COM"
 managerDnPassword:
- serverDomain: "TESTMYLDAP.COM"
+ bindDN: "{username}@TESTMYLDAP.com"
 searchBase: "DC=TESTMYLDAP,DC=COM"
 searchFilter: "(sAMAccountName={username})"
-
 
 serviceAccount:
 # Specifies whether a service account should be created
 create: true
diff --git a/files/main.py b/files/main.py
index 604f046..d074e84 100644
--- a/files/main.py
+++ b/files/main.py
@@ -148,9 +148,12 @@ def login(username, password):
 matchingUsers = LDAP_ALLOWED_USERS.split(",") # Convert string to list
 matchingUsers = list(map(cleanMatchingUsers, matchingUsers))
 if username in matchingUsers:
- logs.info({'message':'Username inside the matching users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
+ logs.info({'message':'Username inside the allowed users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
 setRegister(username, [])
 return True
+ elif not LDAP_ALLOWED_GROUPS:
+ logs.info({'message':'Username not found inside the allowed users list.', 'username': username, 'matchingUsers': ','.join(matchingUsers)})
+ return False
 
 # Validate user via matching groups
 matchedGroups = []
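Review bot: The new `bindDN` and `logFormat` keys in the values.yaml hunk carry no description comment, so the README table (which looks like helm-docs output and is updated in the same commit) has an empty description column for them and nothing tells an operator what `{username}` in `bindDN` stands for or which `logFormat` values are accepted. Add one `# --` comment above each, e.g. `# -- DN used to bind with the user's own credentials; "{username}" is replaced with the login name (confirm against main.py)` and `# -- Log output format; list the accepted values here`. Renaming `serverDomain` to `bindDN` also means a values file that still sets `ldap.serverDomain` is silently ignored and the example `TESTMYLDAP.com` default is bound instead, which presumably fails every login rather than authenticating anyone, but it is worth naming in the chart README next to the 0.2.0 bump.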
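Review bot: Both `logs.info` calls in the main.py hunk, the rewritten one and the new one in the `elif` branch, write the complete allowed-user list (`','.join(matchingUsers)`) to the log on every login attempt, so the roster of accounts permitted through the proxy ends up in INFO-level logs that are commonly shipped to shared collectors, while the list is static configuration that does not help diagnose an individual attempt. Drop the field from both records, e.g. `logs.info({'message':'Username not found inside the allowed users list.', 'username': username})`, or log the parsed list once at debug level where it is read. The `elif not LDAP_ALLOWED_GROUPS` branch is the right fail-closed default, but it relies on `username in matchingUsers` matching exactly; if `cleanMatchingUsers` does not normalise case, a user whose LDAP account differs only in case from the configured entry is now rejected here (confirm against its definition). `login` starts and ends outside the hunk, so whether an empty `LDAP_ALLOWED_USERS` is guarded before line 148 is not visible here.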